From: [...] Daniel Vainsencher First, we don't represent the board, so we don't make their impression, they do.
No; we are merely constructing an artifact, partially on their behalf.
But I agree with what you say - we don't want to create artificial delays in the progress on the security front, because it determines when the system starts being a real tool for the community.
On the other hand, you don't at all address my reason for keeping security out - it is complicated. And for a system to succeed, nothing is more important than that it be simple in the beginning. Simple so implementation gets finished, simple so people get it enough to see why its useful.
"Everything should be as simple as possible, but not simpler than that." -- Einstein
For a system to succeed, in my experience, it has to be sufficiently useful to its target audience that the members of that audience are each willing to invest the effort required to make the system work. Typically they are willing to invest that time because there is benefit to themselves.
Let's try a different artifact. Most 'mildly-secure' systems consist of the following:
- Registration with username and password;
- A request for an email address;
- A challenge to that email address to check that someone there sent the request;
- An admonition not to publish the password;
- A requirement to log in with username and password in order to make use of the secured resource.
This is absolutely not hacker-proof - I could compromise it in many different ways. Yet, for voting, it probably wouldn't be worth my while. So let's consider that our target for a 'mildly-secure' system for a moment and see how much of it we already have:
- SqP already asks for username/password/email;
- SqP does not validate the email address;
- SqP already requires secured access in order to make use of the secured resource;
- SqP already has things on which one can register an opinion, namely people and projects.
OK, so how about adding 'referenda' as a new kind of thing on which opinions can be registered, giving people the option to validate their email address, and calling that system our 'version 1' voting system? Yes, I accept that we still have to construct our initial set of voters; but I suspect that is going to be the case with any system, and I note that it is conceptually independent of any existing ranking system on SqP.
Doing security right requires more time and expertise than I can muster, so we need someone else to do/push that one. Do you want to?
Within the time I have available, and with the understanding that I am paranoid, have worked on security in the past, but cannot be considered a security expert... I'm willing to do so.
I will update the spec to allow the voters to be specified as a simple string, with 'dvf danielv@tx.technion.ac.il 123456 ls lex@lexspoon.org 654321 ?? Peter@ozzard.org 346098' as the initial value.
Agreed?
Not yet - I'd like some clarification. What are the values here? The first set appear to be initials, and may correspond to an account on SqP (although my usename on SqP is not my initials). The second is an email address. The third?
- Peter